Note: the above output should be different at each execution due to the randomness injected by the OAEP padding algorithm.

Decrypt a Message with RSA-OAEP

You are given a RSA-OAEP-encrypted ciphertext (as hex string) and a RSA private key (in PEM format). Write a program to decrypt the message, using the RSA-OAEP encryption scheme (RSA + PKCS#1 OAEP padding).

Input:

First line: the ciphertext (the encrypted message), given as hex string

Note that the RSA-OAEP padding algorithm has built-in checksum, which allows to detect incorrect decryption attempts, but it is not an authenticated encryption scheme.

* Implement Hybrid Encryption / Decryption with RSA-KEM

Write a program to encrypt a large message (bigger than the RSA key length, e.g. a PDF document) using the RSA-KEM hybrid encryption scheme with AES symmetric encryption (use block mode of choice, e.g. GCM or CTR).

Note that in some languages it is hard to find and RSA-KEM implementation, so you can skip this exercise or use another hybrid encryption scheme (e.g. RSA + AES + HMAC).

Input:

The message for encryption

RSA public key (in PEM format)

Output:

The encrypted ciphertext (hex string)

The random IV salt for the AES cipher (hex string)

The authentication tag / MAC for the encrypted message (hex string)

The encapsulated secret key for the AES algorithm (hex string)

Write a program to decrypt given encrypted message, produced by the previous exercise, using the RSA-KEM hybrid encryption scheme with AES symmetric encryption (use block mode of choice, e.g. GCM or CTR).

Input:

The encrypted ciphertext (hex string)

The random IV salt for the AES cipher (hex string)

The authentication tag / MAC for the encrypted message (hex string)

The encapsulated secret key for the AES algorithm (hex string)

Output:

The decrypted original plaintext message

Print Decryption failed! if the message decryption is not successful (e.g. wrong password)